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IN THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims 

1 . (Currently Amended) A method for reducing the occurrence of unauthorized 
use of on-line resources, comprising: 

storin g business rules for a plurality of companies having on-line resources; 
receiving a message indicating a request from a user to use on-line resources; 
identifying a company associated with the re quested on-line resource from among the 

plurality of companies: 

retrieving the stored business rules for the identified company: 
determining whether the request requires authentication; 

enabling the request to be fulfilled without authentication if the determination indicates 
that authentication is not required; 

obtaining an indicia of physical identification from the user if the determination instead 
indicates that authentication is required; 

comparing the obtained indicia to a stored indicia for the user; and 

enabling the request to be fulfilled if the obtained indicia matches the stored indicia. 
indicia^ 

wherein the step of determining whether the request requ ires authentication includes 
determinin g; whether stored business rules for the identifie d company associated with the 
requested on-line resource indicates that authentication for the u ser is required. 

2. (Previously presented) A method according to claim 1, wherein the step of 
determining whether the request requires authentication includes: 

retrieving a stored profile containing the user's historical authentication patterns 
with respect to a plurality of network elements; 

identifying certain of the plurality of network elements in the stored profile as 
being associated with the requested on-line resource; 
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determining a score for ihe user based on the user's historical authentication 
patterns with the certain network elements; and 

determining whether authentication is required for this request to use the on-line 

resource based on the score. 

3. (Cancelled) 

4. (Currently Amended) A method according to e laim3 claim 1, wherein the step 
of determining whether the stored business rules requires authentication includes: 

determining whether the user is listed by the company as always requiring authentication; 

and 

requiring authentication if the user is listed. 

5. (Currently Amended) A method according to claim 3 claim 1, wherein the step 
of determining whether the stored business rules requires authentication includes: 

determining whether the user is listed by the company as never requiring authentication; 

and 

not requiring authentication if the user is listed. 

6. (Currently Amended) A method according to claim 3 claim L wherein the step 
of determining whether the stored business rules requires authentication includes: 

determining whether the user is listed by the company as being completely denied access; 

and 

completely denying access to the requested on-line resources if the user is listed 

7. (Original) A method according to claim 1, wherein the step of determining 
whether the request requires authentication includes determining whether the request is 
indicative of fraudulent behavior. 
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8. (Original) A method according to claim 7 T wherein the fraudulent behavior is one 
or more of a collision violation, a velocity violation, and a customized trigger- 

9. (Canceled) 

10. (Previously presented) A method according to claim 1, further comprising: 
determining whether the request is a card transaction; 

determining whether restrictions applied to the user and an account associated with the 
request are satisfied by a purchase associated with the request; and 
denying the request if the restrictions are not satisfied 

11. (Original) A method according to claim 10, wherein the restrictions are one or 
more of type of goods to be purchased, amount of purchase, time of purchase and location of 



12. (Previously presented) A method according to claim 1, ftarther comprising: 
determining whether the request is an account transaction; 

determining whether restrictions applied to an account associated with the account 
transaction are satisfied by the request; and 

denying the request if the restrictions are not satisfied. 

13. (Original) A method according to claim 12, wherein the restrictions are one or 
more of frequency of access and time of access. 

14. (Previously presented) A method according to claim 1, further comprising: 
detennining whether the request is an account transaction; 

determining whether use of the requested on-line resources are restricted for an account 

associated with the user; and 

denying the request if the requested on-line resources are restricted for the account. 



purchase. 
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15. (Previously presented) A method according to claim 1 , further comprising: 
determining whether the request is a control transaction; 

determining whether restrictions applied to the user associated with the control 
transaction are satisfied by the request; and 

denying the request if the restrictions are not satisfied. 

16. (Original) A method according to claim 15, wherein the restrictions are one or 
more of a parent control and an other control. 

17. (Canceled) 

18. (Previously presented) A method according to claim 1, wherein the indicia 
comprises a biometric that is one or more of a fingerprint, a voiceprint, a palroprint, an eye scan, 
and a handwriting sample, 

19. (Currently Amended) A method according to elaim3 claim 1, further 
comprising providing access to the plurality of companies to allow them to configure their own 
individual set of stored business rules that are used in the determining step. 

20. (Currently Amended) An apparatus for reducing the occurrence of unauthorized 
use of on-line resources, comprising: 

means for storing business rules for a plura lity of companies having on-line resources; 

means for receiving a message indicating a request from a user to use on-line resources; 

means for identifying a co m pany associated with the requeste d on-line resource from 
among the plurality of companies: 

means for reaving the stored business rules fo r the identified company; 

means for determining whether the request requires authentication; 

means for enabling the request to be fulfilled without authentication if the determination 
indicates that authentication is not required; 
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means for obtaining an indicia of physical identification from the user if the 
determination instead indicates that authentication is required; 

means for comparing the obtained indicia to a stored indicia for the user; and 
means for enabling the request if the obtained indicia matches the stored indicia, indicia, 
wherein the means for determining whether the request requires authentication includes 
TTi ggns for determining whether stored Wiiy^s rules for the identified company associated with 
the requested on-line resource indicates that authe ntication for the user is required. 

21 . (Previously presented) An apparatus according to claim 20 f wherein the means 
for determining whether the request requires authentication includes: 

means for retrieving a stored profile containing the user's historical authentication 
patterns with respect to a plurality of network elements; 

means for identifying certain of the plurality of network elements in the stored 
profile as being associated with the requested on-line resource; 

means for determining a score for the user based on the user's historical 
authentication patterns with the certain network elements; and 

means for determining whether authentication is required for this request to use the on- 
line resource based on the score. 

22. (Canceled) 

23. (Currently Amended) An apparatus according to claim 22 claim 20, wherein the 
means for determining whether the stored business rules requires authentication includes: 

means for determining whether the user is listed by the company as always requiring 
authentication; and 

means for requiring authentication if the user is listed. 

24. (Currently Amended) An apparatus according to claim 22 claim 20. wherein the 
means for determining whether the stored business rules requires authentication includes: 
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means for determining whether the user is listed by the company as never requiring 

authentication; and 

means for not requiring authentication if the user is listed, 

25. (Currently Amended) An apparatus according to claim 22 claim 20, wherein the 
means for determining whether the stored business rules requires authentication includes: 

means for determining whether the user is listed by the company as being completely 
denied access; and 

means for completely denying access to the requested on-line resources if the user is 

listed. 

26. (Original) An apparatus according to claim 20, wherein the means for 
determining whether the request requires authentication includes means for determining whether 
the request is indicative of fraudulent behavior. 

27. (Original) An apparatus according to claim 26, wherein the fraudulent behavior is 
one or more of a collision violation, a velocity violation, and a customized trigger. 



28. (Canceled) 

29. (Previously presented) An appararus according to claim 20, further comprising: 
means for detennining whether the request is a card transaction; 

means for determining whether restrictions applied to the user and an account associated 
with the request are satisfied by a purchase associated with the request; and 
means for denying the request if the restrictions are not satisfied. 

30. (Original) An apparatus according to claim 29, wherein the restrictions are one or 
more of type of goods to be purchased, amount of purchase, time of purchase and location of 
purchase, 
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3L (Previously presented) An apparatus according to claim 20, further comprising: 
means for determining whether the request is an account transaction; 
means for determining whether restrictions applied to an account associated with the 
account transaction are satisfied by the request; and 

means for denying the request if the restrictions are not satisfied. 

32. (Original) An apparatus according to claim 31, wherein the restrictions are one or 
more of frequency of access and time of access. 

33. (Previously presented) An apparatus according to claim 20, further comprising: 
means for determining whether the request is an account transaction; 

means for deteimining whether use of the requested on-line resources are restricted for an 
account associated with the user, and 

means for denying the request if the requested on-line resources are restricted for the 

account. 

34. (Previously presented) An apparatus according to claim 20, further comprising: 
means for determining whether the request is a control transaction; 

means for determining whether restrictions applied to the user associated with the control 
transaction are satisfied by the request; and 

means for denying the request if the restrictions are not satisfied. 

35. (Original) An apparatus according to claim 34, wherein the restrictions are one or 
more of a parent control and an other control. 



36. (Canceled) 

37. (Currently Amended) A* apparatus flr_cf»rrifag to claim 36. claim 35. wherein 
the indicia comprises a biometric that is one or more of a fingerprint, a voiceprint, a palmprint, 
an eye scan, and a handwriting sample. 
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38. (Currently Amended) An apparatus according to claim 33 claim 20, further 
comprising means for providing access to the plurality of companies to allow them to configure 
their own individual set of stored business rules that are used by the determining. 

39. (Currently Amended) An apparatus for reducing the occurrence of unauthorized 
use of on-line resources, comprising: 

a server that is adapted to communicate with a network based service so as to receive a 
message indicating a request from a user to use the network based service; 

a rules subsystem coupled to the server that determines whether the request requires 
authentication, the rules subsystem causing the server to enable the request to be fulfilled without 
authentication if the determination indicates that authentication is not required and causes the 
server to obtain an indicia of physical identification from the user if the rules subsystem instead 
determines that authentication is required; and 

a business rules database coupled to the rules subsyste m, the database storing business 
rules for a plurality of companies having on -line resources: 

an authentication subsystem coupled to the server that compares the obtained indicia to a 
stored indicia for the user, 

wherein the rules subsystem is adapted to identify a comp any associated with the 
requested on-line resource from among the plurality of companies, retrie ve the stored business 
rules for fo p identifi ed comp an y from the business rules database and de termine whether the 
stored business rules for the identified company associated w ith the requested on-line resource 
requires authentication for the user, and 

wherein the server sends a signal to the network based service that the request is to be 
fulfilled if the authentication subsystem determines that the obtained indicia matches the stored 
indicia. 

40. (Currently Amended) An apparatus according to claim 39, further comprising: 
a profile database coupled to the rules subsystem, the profile database maintaining 
a stored profile containing the user's historical authentication patterns with respect to a plurality 
of network elements, 
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wherein the rules subsystem is adapted to retrieve the user's stored profile from 
the profile database in response to the request, identify certain of the plurality of network 
elements in the stored profile as being associated with the requested on-line resource, determine 
a score for the user based on the user's historical authentication patterns with the certain network 
elements, and to determine whether authentication is required for the user for this request to use 
the on-line resource based on the score. 



41.-42. (Canceled) 

43. (Previously Presented) An apparatus according to claim 39, further comprising a 
user profile subsystem coupled to the server which is adapted to determine whether the request is 
indicative of fraudulent behavior, wherein the fraudulent behavior is one or more of a collision 
violation, a velocity violation, and a customized trigger. 

44. (Canceled) 

45. (Currently Amended) An apparatus according to claim 39, wherein the indicia 
is a biometric, the apparatus further comprising a biometrics database that stores a plurality of 
biometrics for a respective plurality of usere, and wherein the biometric io plnyaljty of biometrics 
includes one or more of a fingerprint, a voiceprint, a palmprint, an eye scan, and a handwriting 
sample. 

46. (Previously Presented) A method according to claim 2, wherein the step of 
determining the score includes: 

applying a weight to each of the certain network elements based on a relative importance 
of the certain network elements; 

evaluating the user's historical relationship with each of the certain network elements; 

and 

aggregating the score using the weighted evaluations. 
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47. (Previously Presented) A method according to claim 46, further comprising: 
allowing a system administrator to configure the respective weights for the plurality of 

network elements. 

48. (Previously Presented) An apparatus according to claim 21, wherein the means 
for determining the score includes: 

means applying a weight to each of the certain network elements based on a relative 
importance of the certain network elements; 

means evaluating the user's historical relationship with each of the certain network 
elements; and 

means for aggregating the score using the weighted evaluations. 

49. (Previously Presented) An apparatus according to claim 48, further comprising: 
means for allowing a system administrator to configure the respective weights for the 

plurality of network elements. 

50. (Currently Amended) An apparatus according to claim 11 claim 39, wherein the 
rules subsystem is further adapted to apply a weight to each of the certain network elements 
based on a relative importance of the certain network elements, evaluate the user's historical 
relationship with each of the certain network elements, and aggregate the score using the 
weighted evaluations. 

51. (Previously Presented) An apparatus according to claim 50, further comprising: 
an administrator service that allows a system administrator to configure the respective 

weights for the plurality of network elements. 
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